| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At |
|---|---|---|---|---|---|---|
| CVE-2022-24747 | HTTP caching is marking private HTTP headers as public | shopware | platform | Medium | 6.3 | 2022-03-09 22:25:16 |
| CVE-2022-24748 | Incorrect Authentication in shopware | shopware | platform | Medium | 6.8 | 2022-03-09 22:25:09 |
| CVE-2022-21652 | Insufficient Session Expiration in shopware | shopware | shopware | Low | 3.5 | 2022-01-05 19:20:18 |
| CVE-2022-21651 | Open redirect in shopware | shopware | shopware | Medium | 6.8 | 2022-01-05 19:15:14 |
| CVE-2021-41188 | Authenticated Stored XSS in Administration | shopware | shopware | Medium | 5.7 | 2021-10-26 15:00:16 |
| CVE-2021-37711 | Authenticated server-side request forgery in file upload via URL. | shopware | platform | High | 8.8 | 2021-08-16 22:25:10 |
| CVE-2021-37710 | Cross-Site Scripting via SVG media files | shopware | platform | High | 8.0 | 2021-08-16 22:20:10 |
| CVE-2021-37709 | Insecure direct object reference of log files of the Import/Export feature | shopware | platform | Medium | 6.5 | 2021-08-16 22:05:12 |
| CVE-2021-37708 | Command injection in mail agent settings | shopware | platform | High | 8.8 | 2021-08-16 19:15:13 |
| CVE-2021-37707 | Manipulation of product reviews via API | shopware | platform | Medium | 6.5 | 2021-08-16 18:55:10 |
| CVE-2021-32717 | Private files publicly accessible with Cloud Storage providers | shopware | platform | High | 7.5 | 2021-06-24 21:10:12 |
| CVE-2021-32716 | Internal hidden fields are visible on to many associations in admin api | shopware | platform | Medium | 4.4 | 2021-06-24 21:05:12 |
| CVE-2021-32712 | Information leakage in Error Handler | shopware | shopware | Medium | 5.3 | 2021-06-24 20:50:11 |
| CVE-2021-32713 | Authenticated Stored XSS | shopware | shopware | Medium | 4.8 | 2021-06-24 20:25:12 |
| CVE-2021-32711 | Leak of information via Store-API | shopware | platform | Critical | 9.1 | 2021-06-24 20:05:13 |
| CVE-2021-32710 | Potential Session Hijacking in Shopware | shopware | platform | Medium | 5.9 | 2021-06-24 19:45:17 |
| CVE-2021-32709 | Creation of order credits was not validated by acl in admin orders | shopware | platform | Medium | 4.9 | 2021-06-24 18:50:11 |